1 / 11

Géant- TrustBroker Project O verview

Géant- TrustBroker Project O verview. Daniela Pöhn 7 th FIM4R meeting Frascati , Italy April 24 th , 2014. Géant-TrustBroker [GNTB]: The basic idea. Our goal (SP perspective): SPs connected to user’s identity provider (IDP)

lorin
Download Presentation

Géant- TrustBroker Project O verview

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Géant-TrustBrokerProject Overview Daniela Pöhn 7th FIM4R meeting Frascati, Italy April 24th, 2014

  2. Géant-TrustBroker [GNTB]: The basic idea Our goal (SP perspective): • SPs connected to user’s identity provider (IDP) • Independent of federation borders • Establishing technical trust and configuration • Without involving manual setup work by SP and IDP admins

  3. Géant-TrustBroker [GNTB]: The basic idea More technical: • GNTB facilitates the user-triggered, on-demand exchange of IDP and SP metadata as basis for SAML-based AuthNZ • GNTB therefore complements existing • NREN and community federations • inter-federations (e.g., eduGAIN) • GNTB will automate the setup of IDP-SP communication • including user attribute conversion • excluding organizational aspects • GNTB will extend Shibboleth by IDP/SP plugins in order to • integrate the central metadata repository automatically • use attribute conversion rules • update the configurations of IDPs/SPs

  4. Background: Where are we today without GNTB? Current situation: • Two types of federations: • National federations operated by NRENs • Community federations operated by research communities / projects • The resulting problem:SP and the user’s IDP need to be members of the same federation (or inter-federation)

  5. Background: Where are we today without GNTB? Current situation: • eduGAIN approach:federation-of-federations-style inter-federation • Issues: • Additional contracts increase the overall complexity. • Inter-federation schema is only the common denominator of NREN federations  SPs may not get all required attributes • Set up technical stuff, e.g., attribute filters/release policies, manually. • IDPs have to trust SPs  SPs might not get all required attributes

  6. Géant-TrustBroker’s scope GNTB is… • a metadata registry: SPs and IDPs upload their metadata. • a user attribute conversion rule repository: conversion rules can be shared and re-used by other IDPs. • a virtual IDP and SP: The GNTB workflow seamlessly integrates into standard SAML workflows to “connect” SPs and IDPs on demand.

  7. Géant-TrustBroker’s scope • GNTB automates the technical setup of IDP-SP communication as far as possible. • GNTB does not handle organizational aspects, such as the demand for written contracts with commercial SPs. • eduGAIN and GNTB complement each other: • eduGAIN is the organizationally profound, long-term solution • GNTB allows for the quick setup of all technical aspects

  8. Géant-TrustBroker’s workflow GNTB workflows: • Management workflows: • IDP/SP metadata • conversion rules • Core workflow: technical trust establishment

  9. The GNTB project • GN3+ Open Call project (10/2013 – 03/2015) • Internet-Draftto IETF in summer 2014 • Shibboleth-basedprototype • Pilot operationshopefullystartearly2015

  10. The GNTB project • A milestonedocumentdescribingGNTB‘stechnicalworkflowsavailableon the GN intranet. • Presenting GNTB at TNC2014 • GNTB • includessomemorefeatures, such asAccountChooserfunctionality. • May beinterestingforotherusecases, e.g., rapid provisioning. • Pleasecontactusor check out the GNTB documentsfordetails.

  11. For more details, please see the documents published on TrustBroker’sGéant Intranet website: https://intranet.geant.net/JRA0/GEANT-TrustBroker To contact the project team, please email geant-trustbroker@lists.lrz.de

More Related